Overwriting proposal produces segfaults
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ipsec-tools (Ubuntu) |
New
|
High
|
Unassigned |
Bug Description
Hello,
not sure if this is security related, but: better safe than sorry....
If one overwrites a proposal in an inherited remote configuration, racoon produces a "double free corruption" like this:
===== SNIP ====== 8< =================
^C2012-11-19 12:34:31: INFO: caught signal 2
*** glibc detected *** racoon: double free or corruption (fasttop): 0x00007f59716cbc20 ***
*** glibc detected *** racoon: corrupted double-linked list: 0x00007f59716cbc90 ***
====== SNAP ======= >8 ==============
Which let's racoon crash and prevents it from exiting which causes the init script to wait forever. The only way to recover, is to kill it with SIGKILL.
A proposal overwrite looks like this:
==== SNAP ===== 8< ==================
remote 0.0.0.1
{
doi ipsec_doi;
situation identity_only;
ca_type x509 "host.cacert.pem";
dpd_delay = 10;
dpd_maxfail = 5;
ike_frag on;
passive on;
proposal
{
}
}
remote anonymous inherit 0.0.0.1
{
mode_cfg off;
proposal
{
}
}
========= SNIP ========== >8 =============
Or it coredumps when exiting. The coredumps occur depending on what was changed in the remote section that is used for inheritance.
If you have further questions, feel free to contact me.
Thanks!
KR,
Oliver
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: racoon 1:0.8.0-9ubuntu1
ProcVersionSign
Uname: Linux 3.2.0-33-generic x86_64
ApportVersion: 2.0.1-0ubuntu15
Architecture: amd64
Date: Mon Nov 19 12:31:49 2012
InstallationMedia:
MarkForUpload: True
ProcEnviron:
LANGUAGE=en_US:en
TERM=screen
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: ipsec-tools
UpgradeStatus: No upgrade log present (probably fresh install)
modified.
modified.
mtime.conffile.
information type: | Private Security → Public |
Changed in ipsec-tools (Ubuntu): | |
importance: | Undecided → High |